Linux Firewall Hardening

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent firewall-hardening playbook, but its verification step has overbroad side effects that can disable rollback or unrelated scheduled jobs without clear user control.

Review carefully before installing or running on a remote server. Do not run the apply or verify scripts unless you have console access, a tested second SSH session, backups, and a known rollback timer. Treat firewall-verify.sh as a mutating finalize step, not a passive check, because it may cancel scheduled jobs and rollback state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding:
The document states that unsupported backend features must hard-fail, but the examples and fixtures appear to rely on behavior that omits or bypasses such incompatibilities. In a firewall-hardening skill, this inconsistency is dangerous because operators or downstream agents may believe a control is enforced across backends when it is silently dropped, producing weaker-than-intended network policy.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The nftables public-web-server profile documents SSH rate limiting, but the immediate unrestricted fallback rule `tcp dport 22 accept` nullifies the control. An attacker can continue making unlimited SSH connection attempts after the rate-limited rule, defeating brute-force protection and creating a mismatch between the documented hardening intent and actual enforcement.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The bastion-host firewalld example adds unrestricted SSH access via `--add-service=ssh` or `--add-port=...` and then also adds a rate-limited rich rule, but the broad allow rule permits SSH regardless of the limit. On a bastion host, this defeats the advertised aggressive rate limiting and weakens protections against brute-force and credential-stuffing attempts.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The script claims it is 'safe to run anywhere; makes no changes,' but it does perform outbound HTTP probes to link-local cloud metadata endpoints. While it does not modify the system, this behavior can still violate operator expectations, trigger monitoring, and in some environments leak contextual information or create unwanted network side effects.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
This script is presented as post-hardening verification, but on success it also cancels rollback jobs and deletes state. That creates non-obvious side effects in a safety-critical workflow: a mistaken success signal, partial check coverage, or execution in the wrong directory/context can disable recovery mechanisms and make a bad firewall change permanent.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding:
The header says this is only a verification checklist, but the implementation mutates rollback schedulers and local state. This mismatch is dangerous because operators, orchestrators, or AI agents may treat the script as safe-to-run validation when it actually changes system recovery behavior.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The document instructs users to run `sudo ufw --force enable`, which suppresses the usual confirmation prompt and can immediately alter host reachability. In a firewall-hardening skill, this is operationally relevant because if SSH or other required management access is not correctly allowed first, a remote administrator can lock themselves out of the system.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The file provides privileged firewall modification commands and restore operations without a prominent warning about lockout, service interruption, or the need for out-of-band access. In this skill context, users or agents may execute these commands on remote hosts and immediately sever SSH or application connectivity, causing denial of service or administrative lockout.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding:
The script performs runtime network requests to metadata services without any user-facing disclosure at execution time, only in comments. In a security-sensitive audit skill, undisclosed network activity is risky because operators may assume the script is passive and offline-safe when it is not.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
Successful verification automatically cancels pending rollback jobs and deletes the state file without any explicit confirmation or strong binding to the originating hardening operation. If checks are incomplete, spoofed, or run from an unintended environment, recovery is silently disabled and firewall misconfiguration may persist, potentially causing lockout or exposure.

VirusTotal

65/65 vendors flagged this skill as clean.